Over the past few weeks, I’ve written a couple of articles (here and here) ruminating on OpenStack’s broadening ambitions and desires to move beyond infrastructure. I’ve suggested that the foundation is looking to become an uber-body and move beyond simply shepherding a virtualization-based project but instead move into adjacent (or not so much) areas. Ed – to clarify, the stated intention of the OpenStack Foundation was to focus on infrastructure, but more broadly than just OpenStack. Potatoe/potato but worth clarifying…

It seems I was pretty close to the foundation’s intended approach and this morning, alongside the KubeCon and Cloud Native Conference being held in Austin, Texas, the OpenStack Foundation is announcing a new project, Kata Containers, which, according to the foundation, aims to unite the security advantages of virtual machines (VMs) with the speed and manageability of container technologies. The project is designed to be hardware agnostic and compatible with the Open Container Initiative (OCI) specification, as well as the container runtime interface (CRI) for Kubernetes. In practice, Kata Containers offers the ability to run container management tools directly on bare metal without sacrificing workload isolation. When compared to running containers on virtualized infrastructure (which is the standard practice today), benefits include increased performance, faster boot time and cost efficiencies.

You heard that right. The foundation which is charged with furthering the interests of OpenStack, the open source virtualization-based cloud computing initiative, is pushing a project that will help to render virtualization, at least in part and as we currently know it, obsolete. And with it goes all the positioning of years that has suggested that full-blown virtual machines are the best places to run containers. Sacre bleu!

The rationale for Kata is that containers, for all of their efficiency and speed advantages, have some slightly existential security issues, due to the fact that keeping containers fully isolated from each other while sharing a single virtual machine is a difficult challenge. Kata Containers solves this by giving each container its own, lightweight virtual machine and kernel, so that each container or container pod run in its own isolated environment and gets its own allocation of networking, I/O and memory. This is achieved via the new virtualization technologies that Intel includes within its processors.

In terms of who is bringing the technology goods to the Kata project, Intel is contributing Intel Clear Containers technology, and Hyper is contributing runV technology to initiate the project. In addition to contributions from Intel and Hyper, the following companies are supporting the project at launch: 99cloud, AWcloud, Canonical, China Mobile, City Network, CoreOS, Dell/EMC, EasyStack, Fiberhome, Google, Huawei, JD.com, Mirantis, NetApp, Red Hat, SUSE, Tencent, Ucloud, UnitedStack and ZTE.

runV isn’t a completely new service – after all, JD.com, China’s largest eCommerce platform by revenue, currently offers a container service powered by runV, the technology from Hyper.sh that will form the basis for Kata Containers. The service exposes a Docker-like workflow, so developers who know Docker are able to jump in and deploy apps immediately. The Kata Containers project will initially comprise six components, including the Agent, Runtime, Proxy, Shim, Kernel and packaging of QEMU 2.9. It is designed to be architecture agnostic, run on multiple hypervisors and be compatible with the OCI specification for Docker containers and CRI for Kubernetes.

What is the structure for Kata?

As a departure from its virtualization focus, the optics of this are interesting. In practice, Kata Containers is a container infrastructure project managed by OpenStack Foundation and is an independent project with its own technical governance and contributor base. The Kata Containers community expects to collaborate and target all popular infrastructure providers and container orchestration frameworks in addition to OpenStack-powered clouds. ie – this is a “go broad” project for the Foundation.

Kata isn’t challenging Kubernetes as a project, but it is ticking off a functional area that is well within the ambit of the Cloud Native Computing Foundation (CNCF), the organization that is in charge of the Kubernetes project. Kata has a similar adjacent relationship with Docker. As such, it should be seen as non-competitive to the orchestration offerings, but absolutely competitive to use cases within the purview of the various foundations working on container technologies.

MyPOV

The OpenStack Foundation stated its intention to move into adjacent areas and containers was an obvious first play – that doesn’t make this announcement any less jarring, however. Both from the perspective of OpenStack moving focus beyond the OpenStack project and related initiatives and the obvious competitive tension it brings into the cloud infrastructure world. Things just got even more interesting in this space

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

Leave a Reply